The attacker gave Amazon fake details from a whois query, and got real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing a bank to issue them a new copy of Credit Card.